Collect copies of processes shown up as being "(deleted)" #36
Comments
|
I have updated UAC to collect copies of '/proc/[pid]/exe' and their related '/proc/[pid]/fd/*' if they are shown up as being (deleted) on Linux systems. They are copied using 'dd conv=swab' tool in order to avoid UAC output file being flagged and quarantined by any antivirus tool. Clone the following branch if you want to test it please -> https://github.com/tclahr/uac/tree/feature/issue-36 |
|
I have updated UAC to collect copies of '/proc/[pid]/object/a.out' if they are shown up as being (deleted) on Solaris systems. They are copied using 'dd conv=swab' tool in order to avoid UAC output file being flagged and quarantined by any antivirus tool. Clone the following branch if you want to test it please -> https://github.com/tclahr/uac/tree/feature/issue-36 |
|
Merged into develop branch via PR #42 |
Collect copies of
/proc/<pid>/exeor any of/proc/<pid>/fd/*if they are shown up as being "(deleted)".Please refer to discussion #34
The text was updated successfully, but these errors were encountered: